This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

Help needed - Spring 3.0.x security + SiteMinder Integration

Mar 7th, 2011, 02:07 PM

Our project is planning to use authentication mechanism which would be provided by Siteminder. When login page is displayed to user the username and password would be Authenticated by Siteminder and Authorization will be done by Spring Security. I have gone through the reference guide and found following configuration can be used:
<security:http>
<!-- Additional http configuration omitted -->
<security:custom-filter position="PRE_AUTH_FILTER" ref="siteminderFilter" />
</security:http>

It is also mentioned - "It's also assumed that you have added a UserDetailsService (called “userDetailsService”) to your configuration to load the user's roles."

I am not quite clear about this userDetailsService bean. Can someone please provide extra information for this. Which interface should this bean implement ? Does it need to load authorization data for the user ?

Comment

Sorry, but I still don't understand how to implement the userDetailsService bean. Please can you provide me with any sample configuration that you may have used. For time being, I just want to confirm if the user has been authenticated correctly through Siteminder. I don't want to implement Authorization for the moment. Is there a way to do this ?

Please let me know if you require more information on this.
Thanks in advance ... sorry for my lack of knowledge

Comment

As Luke mentioned there is information about the UserDetailsService and the provided implementations in the reference. If you are just playing around right now, the In-Memory Authentication section will likely work well for you. If you are looking for full examples, you can refer to the samples.

Comment

I am using Spring Security 3.0. What I want to implement is that the user should be shown a login page (part of our webapp) where he enter his username and password. On clicking submit the request will travel to Siteminder web agent to be authenticated. On succesful authentication the username appended would be added in the header with key 'SM_USER'. Once request comes back to our webapp we let Spring take care of authorization. So in short, want to implement Authentication by Siteminder and Authorization by Spring Security.